CODEWITHSUNDEEP
herokuflaskgunicorn
J-bob
J-bob

Reputation: 9126

Trouble with Flask's request.is_secure using gunicorn and heroku with Flask

I've seen this problem discussed on the web, but the explanations for fixing it aren't exactly clear, especially if you're not super familiar with Flask. It's the issue where request.is_secure always returns False when flask is running on gunicorn on Heroku, even if the request is done with HTTPS. I'm using Flask 0.8 and gunicorn 19.0.0.

I found this link, makes it look like you create a file called gunicorn.py with those contents, but that just created an import error on the Heroku server. Then I tried taking those settings and applying them directly to my app Flask object by doing:

app.secure_proxy_ssl_header = ('HTTP_X_FORWARDED_PROTO', 'https')
app.forwarded_allow_ips = '*'
app.x_forwarded_for_header = 'X-FORWARDED-FOR'
app.secure_scheme_headers = {
'X-FORWARDED-PROTO': 'https',
}

but still no dice. Can somebody please give a clear explanation of what I have to do, and where to put the configuration?

Upvotes: 1

Views: 995

Answers (2)

Rachel Sanders
Rachel Sanders

Reputation: 5884

I know you already fixed your problem, but I had a similar issue and had to set a second RequestHeader in Apache:

  ProxyPreserveHost On
  RequestHeader set X-Forwarded-Proto "https"
  RequestHeader set X-Scheme https
  Timeout 300
  ProxyTimeout 300

And that seemed to work.

Upvotes: 2

J-bob
J-bob

Reputation: 9126

Turned out the solution was much simpler than I thought. All I had to do was:

from werkzeug.contrib.fixers import ProxyFix

and then

app.wsgi_app = ProxyFix(application.wsgi_app)

Upvotes: 2

Related Questions